Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/148d88-6136-4374-994b-d53f94e207a9/1/fwhTjjRIhEdJ6uOffHkJ9IbiBcc.roa
File:                     fwhTjjRIhEdJ6uOffHkJ9IbiBcc.roa (raw, json)
Hash identifier:          uAg9kNvS0wjEdBKrNfsh4Pl1caTWWUTWPoPoJJEyRFk=
Subject key identifier:   7F:08:53:8E:34:48:84:47:49:EA:E3:9F:7C:79:09:F4:86:E2:05:C7
Certificate issuer:       /CN=ffb4f40f3211561c29f1bbc320bd87cfa2ddd029
Certificate serial:       019446902474408924F5F0A86D9C16BAB167
Authority key identifier: FF:B4:F4:0F:32:11:56:1C:29:F1:BB:C3:20:BD:87:CF:A2:DD:D0:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_7T0DzIRVhwp8bvDIL2Hz6Ld0Ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/148d88-6136-4374-994b-d53f94e207a9/1/fwhTjjRIhEdJ6uOffHkJ9IbiBcc.roa
Signing time:             Wed 08 Jan 2025 15:37:19 +0000
ROA not before:           Wed 08 Jan 2025 15:37:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34762
IP address blocks:        2.59.64.0/24 maxlen: 24
                          2a09:e940::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/148d88-6136-4374-994b-d53f94e207a9/1/_7T0DzIRVhwp8bvDIL2Hz6Ld0Ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/148d88-6136-4374-994b-d53f94e207a9/1/_7T0DzIRVhwp8bvDIL2Hz6Ld0Ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_7T0DzIRVhwp8bvDIL2Hz6Ld0Ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:90:24:74:40:89:24:f5:f0:a8:6d:9c:16:ba:b1:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffb4f40f3211561c29f1bbc320bd87cfa2ddd029
        Validity
            Not Before: Jan  8 15:37:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f08538e3448844749eae39f7c7909f486e205c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c6:f9:f7:b1:b2:f9:6c:3f:a8:b9:eb:dc:65:
                    e2:ab:0f:44:60:83:c3:4b:35:3d:d5:1e:a5:2d:ef:
                    cf:65:92:a8:7c:0e:ca:4d:7d:5a:58:7f:df:38:c6:
                    32:ba:57:15:64:5e:6c:62:25:a7:5e:44:30:70:3a:
                    af:86:91:9c:02:89:c7:e2:71:c3:ad:14:e9:b5:13:
                    f1:50:9e:f0:c3:c0:d1:5b:b7:6d:fc:8d:09:67:29:
                    41:10:37:0a:e4:15:2d:6d:f4:e2:e6:b6:c6:e8:6a:
                    ba:b0:1f:a2:b4:67:37:2e:af:c8:22:5f:db:4b:e9:
                    57:18:53:cf:07:de:02:55:68:08:70:b9:bb:cf:63:
                    e8:94:29:ae:47:9a:75:67:2f:a2:c0:9c:2f:db:95:
                    45:be:1b:ae:80:70:80:64:dc:ba:7a:9a:fb:c3:7c:
                    ae:81:36:80:9d:1d:22:5b:61:34:39:d4:67:57:7a:
                    b2:3f:52:e1:e9:4e:0a:ed:30:0f:9d:f9:94:ea:4d:
                    35:e8:1e:ce:da:da:3c:27:e4:ef:5d:01:4b:3d:89:
                    15:33:01:69:73:75:3b:fb:2e:ad:84:7e:e2:43:e4:
                    52:e7:85:fa:aa:7b:cc:66:54:f0:e1:c6:84:d3:99:
                    c3:dd:0c:6b:b1:3d:4e:50:3c:43:8d:12:8a:87:e0:
                    5b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:08:53:8E:34:48:84:47:49:EA:E3:9F:7C:79:09:F4:86:E2:05:C7
            X509v3 Authority Key Identifier:
                keyid:FF:B4:F4:0F:32:11:56:1C:29:F1:BB:C3:20:BD:87:CF:A2:DD:D0:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7T0DzIRVhwp8bvDIL2Hz6Ld0Ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/148d88-6136-4374-994b-d53f94e207a9/1/fwhTjjRIhEdJ6uOffHkJ9IbiBcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/148d88-6136-4374-994b-d53f94e207a9/1/_7T0DzIRVhwp8bvDIL2Hz6Ld0Ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.64.0/24
                IPv6:
                  2a09:e940::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:7d:7b:f8:2a:d1:e6:e7:41:52:af:6e:f4:1a:f2:af:82:1d:
         50:cd:a7:af:a1:6c:dd:57:5c:1e:c6:64:0a:ba:99:54:c6:dd:
         03:da:6e:3b:63:56:27:04:c3:e7:3b:56:71:c2:fb:8f:6d:71:
         82:89:ad:2c:25:9a:29:50:a8:ff:8a:91:a6:97:1e:73:a2:0a:
         b7:08:f5:12:41:cf:9e:58:88:d6:bf:86:80:9e:1c:7d:71:a7:
         1b:36:df:b1:c4:50:66:ee:3c:21:9c:34:25:30:93:7a:8b:9e:
         e2:d5:28:52:92:6d:5b:26:42:5c:23:16:96:5b:3b:4b:81:43:
         f3:13:d5:8e:b2:b5:26:d6:ec:96:aa:f7:64:df:c3:32:7c:0b:
         3e:bf:1d:b6:32:81:39:1b:f2:08:05:a8:f7:7e:2c:d9:7c:87:
         61:45:cf:64:cc:db:f7:f1:e2:9a:20:b7:07:ea:49:1d:79:06:
         88:cc:2b:89:c5:1b:52:21:ed:fa:d2:36:9c:fb:e6:bc:c0:75:
         1d:0d:b0:07:75:31:10:2f:17:80:8b:6b:67:5b:2a:86:cf:14:
         f4:2f:b2:b6:da:34:41:87:f6:08:84:a0:b4:e1:d0:71:39:ef:
         ea:1c:25:f5:87:c6:6c:f4:6e:a0:62:75:ac:da:49:9e:5d:58:
         cf:36:8c:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZRGkCR0QIkk9fCobZwWurFnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYjRmNDBmMzIxMTU2MWMyOWYxYmJjMzIwYmQ4N2NmYTJk
ZGQwMjkwHhcNMjUwMTA4MTUzNzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjA4NTM4ZTM0NDg4NDQ3NDllYWUzOWY3Yzc5MDlmNDg2ZTIwNWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMb597Gy+Ww/qLnr3GXiqw9EYIPD
SzU91R6lLe/PZZKofA7KTX1aWH/fOMYyulcVZF5sYiWnXkQwcDqvhpGcAonH4nHD
rRTptRPxUJ7ww8DRW7dt/I0JZylBEDcK5BUtbfTi5rbG6Gq6sB+itGc3Lq/IIl/b
S+lXGFPPB94CVWgIcLm7z2PolCmuR5p1Zy+iwJwv25VFvhuugHCAZNy6epr7w3yu
gTaAnR0iW2E0OdRnV3qyP1Lh6U4K7TAPnfmU6k016B7O2to8J+TvXQFLPYkVMwFp
c3U7+y6thH7iQ+RS54X6qnvMZlTw4caE05nD3QxrsT1OUDxDjRKKh+BbcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH8IU440SIRHSerjn3x5CfSG4gXHMB8GA1UdIwQY
MBaAFP+09A8yEVYcKfG7wyC9h8+i3dApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzdUMER6SVJWaHdwOGJ2RElMMkh6NkxkMENrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xNDhkODgtNjEzNi00Mzc0LTk5NGIt
ZDUzZjk0ZTIwN2E5LzEvZndoVGpqUkloRWRKNnVPZmZIa0o5SWJpQmNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xNDhkODgtNjEzNi00Mzc0LTk5NGItZDUzZjk0ZTIwN2E5
LzEvXzdUMER6SVJWaHdwOGJ2RElMMkh6NkxkMENrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAAjtAMA0E
AgACMAcDBQAqCelAMA0GCSqGSIb3DQEBCwUAA4IBAQBwfXv4KtHm50FSr270GvKv
gh1QzaevoWzdV1wexmQKuplUxt0D2m47Y1YnBMPnO1ZxwvuPbXGCia0sJZopUKj/
ipGmlx5zogq3CPUSQc+eWIjWv4aAnhx9cacbNt+xxFBm7jwhnDQlMJN6i57i1ShS
km1bJkJcIxaWWztLgUPzE9WOsrUm1uyWqvdk38MyfAs+vx22MoE5G/IIBaj3fizZ
fIdhRc9kzNv38eKaILcH6kkdeQaIzCuJxRtSIe360jac++a8wHUdDbAHdTEQLxeA
i2tnWyqGzxT0L7K22jRBh/YIhKC04dBxOe/qHCX1h8Zs9G6gYnWs2kmeXVjPNowL
-----END CERTIFICATE-----